CVE-2022-43451: Multiple path traversal in appspawn and nwebspawn services.
First published: Thu Nov 03 2022(Updated: )
OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges.
Credit: scy@openharmony.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openharmony Openharmony | >=3.1<=3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-43451?
CVE-2022-43451 refers to a multiple path traversal vulnerability in OpenHarmony-v3.1.2 and prior versions.
How severe is CVE-2022-43451?
CVE-2022-43451 has a severity rating of 6.5 (High).
What is the impact of CVE-2022-43451?
CVE-2022-43451 allows local attackers to create arbitrary directories or escape application sandbox, potentially leading to unauthorized access and privilege escalation.
How can I mitigate CVE-2022-43451?
To mitigate CVE-2022-43451, it is recommended to update OpenHarmony to version 3.1.2 or later.
Where can I find more information about CVE-2022-43451?
You can find more information about CVE-2022-43451 at the following reference: [link](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md)
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/openharmony
- canonical/openharmony openharmony
- version/openharmony openharmony/3.1
- version/openharmony openharmony/3.1.2